Enum KdfKeyAlgorithm

pub enum KdfKeyAlgorithm {
    Hkdf(HashAlgorithm),
}

Key-based Key Derivation Function algorithm enumeration.

基于密钥的密钥派生函数算法枚举。

Algorithm Selection | 算法选择

Choose the hash function based on your security requirements:

• HKDF-SHA256: Standard choice, good performance, 128-bit security
• HKDF-SHA384: Higher security margin, 192-bit security
• HKDF-SHA512: Maximum security, 256-bit security

根据您的安全要求选择哈希函数：

• HKDF-SHA256: 标准选择，良好性能，128 位安全性
• HKDF-SHA384: 更高安全边际，192 位安全性
• HKDF-SHA512: 最大安全性，256 位安全性

Variants

Hkdf(HashAlgorithm)

HMAC-based Key Derivation Function with configurable hash algorithm.

具有可配置哈希算法的基于 HMAC 的密钥派生函数。

Properties | 属性

• Standard: RFC 5869
• Type: Extract-and-Expand KDF
• Security: Based on HMAC security
• Performance: High (depends on hash function)

Features | 特性

• Salt Support: Optional salt for key separation

• Context Information: Application-specific context data

• Variable Output: Any desired output length

• Deterministic: Same inputs always produce same output

• 盐支持: 用于密钥分离的可选盐

• 上下文信息: 应用特定的上下文数据

• 可变输出: 任何所需的输出长度

• 确定性: 相同输入总是产生相同输出

Implementations

impl KdfKeyAlgorithm

pub fn build() -> KdfKeyAlgorithmBuilder

Creates a new key-based KDF algorithm builder.

创建新的基于密钥的 KDF 算法构建器。

Returns | 返回值

A builder that provides access to different key-based KDF algorithms. Use the builder methods to select the specific hash function for HKDF.

提供访问不同基于密钥的 KDF 算法的构建器。 使用构建器方法为 HKDF 选择特定的哈希函数。

Examples | 示例

use seal_crypto_wrapper::algorithms::kdf::key::KdfKeyAlgorithm;

let hkdf_sha256 = KdfKeyAlgorithm::build().hkdf_sha256();
let hkdf_sha512 = KdfKeyAlgorithm::build().hkdf_sha512();

impl KdfKeyAlgorithm

pub fn into_wrapper(self) -> KdfKeyWrapper

Converts the algorithm enum into a concrete wrapper implementation.

将算法枚举转换为具体的包装器实现。

Purpose | 目的

This method creates a wrapper that implements the key-based KDF algorithm trait, enabling actual cryptographic operations like key derivation from high-entropy input material with type safety guarantees.

此方法创建一个实现基于密钥的 KDF 算法 trait 的包装器， 启用实际的密码操作，如从高熵输入材料派生密钥，并提供类型安全保证。

Returns | 返回值

A KdfKeyWrapper that can perform:

• Key derivation from high-entropy input
• Salt-based key separation
• Context-aware key derivation
• Variable-length output generation

可以执行以下操作的 KdfKeyWrapper：

• 从高熵输入派生密钥
• 基于盐的密钥分离
• 上下文感知的密钥派生
• 可变长度输出生成

Examples | 示例

use seal_crypto_wrapper::algorithms::kdf::key::KdfKeyAlgorithm;

let algorithm = KdfKeyAlgorithm::build().hkdf_sha256();
let kdf = algorithm.into_wrapper();

// Derive multiple keys from a master key
let master_key = b"high-entropy-master-key-32-bytes";
let salt = Some(b"application-salt".as_slice());

// Derive encryption key
let enc_key = kdf.derive(
    master_key,
    salt,
    Some(b"encryption"),
    32
)?;

// Derive MAC key
let mac_key = kdf.derive(
    master_key,
    salt,
    Some(b"authentication"),
    32
)?;

// Keys are different due to different context
assert_ne!(enc_key, mac_key);

Security Best Practices | 安全最佳实践

When using the wrapper:

1. High-Entropy Input: Ensure input key material has sufficient entropy
2. Unique Salts: Use different salts for different applications
3. Context Separation: Use context info to separate different key purposes
4. Appropriate Length: Request only the key length you need

使用包装器时：

1. 高熵输入: 确保输入密钥材料具有足够的熵
2. 唯一盐: 为不同应用使用不同的盐
3. 上下文分离: 使用上下文信息分离不同的密钥用途
4. 适当长度: 仅请求您需要的密钥长度

Input Requirements | 输入要求

• Key Material: Should have at least 128 bits of entropy

• Salt: Optional but recommended for key separation

• Context: Application-specific information for domain separation

• Output Length: Any length up to algorithm maximum

• 密钥材料: 应至少具有 128 位熵

• 盐: 可选但推荐用于密钥分离

• 上下文: 用于域分离的应用特定信息

• 输出长度: 算法最大值内的任何长度

Trait Implementations

impl<'__de, __Context> BorrowDecode<'__de, __Context> for KdfKeyAlgorithm

fn borrow_decode<__D: BorrowDecoder<'__de, Context = __Context>>( decoder: &mut __D, ) -> Result<Self, DecodeError>

Attempt to decode this type with the given BorrowDecode.

impl Clone for KdfKeyAlgorithm

fn clone(&self) -> KdfKeyAlgorithm

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KdfKeyAlgorithm

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<__Context> Decode<__Context> for KdfKeyAlgorithm

fn decode<__D: Decoder<Context = __Context>>( decoder: &mut __D, ) -> Result<Self, DecodeError>

Attempt to decode this type with the given Decode.

impl<'de> Deserialize<'de> for KdfKeyAlgorithm

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Encode for KdfKeyAlgorithm

fn encode<__E: Encoder>(&self, encoder: &mut __E) -> Result<(), EncodeError>

Encode a given type.

impl From<KdfKeyAlgorithm> for KdfKeyWrapper

fn from(algorithm: KdfKeyAlgorithm) -> Self

Converts to this type from the input type.

impl Hash for KdfKeyAlgorithm

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for KdfKeyAlgorithm

fn eq(&self, other: &KdfKeyAlgorithm) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for KdfKeyAlgorithm

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Copy for KdfKeyAlgorithm

impl Eq for KdfKeyAlgorithm

impl StructuralPartialEq for KdfKeyAlgorithm